Tuesday, November 16, 2010

techrepublic.com

Attacks against information assets — government, corporate, and personal — have been going on for some time. Yet many users and organizations have blatantly ignored recommendations for protecting mobile devices, exposing themselves, their businesses, their customers, and often employees to harm. These devices in the hands of mobile workers are exposed to a variety of threats:

Hotel wired networks are often wide open to eavesdropping by cybercriminals or other guests. Jacking into a network frequently equates to sending and receiving information over a single collision domain. This means all packets for a set of rooms, a floor, several floors, or even the entire hotel/motel are seen by all other systems on the network. Unprotected packets are prime targets for capture, analysis, and data extraction.

Connecting to unencrypted hotel or other public wireless networks, sending sensitive information out into the ether, is a well-known problem. I won’t beat it to death.

Improper configuration of firewalls, or the total lack of an end-user device security perimeter, allows anyone, anytime, and anywhere to use public networks to peruse private information on laptops, smartphones, or PDAs.

Some unencrypted stolen or lost devices are a treasure chest of information, including passwords, customer and employee information, and user identity data. In large, chaotic venues, it isn’t difficult to lose a laptop or PDA.

This is not a complete list of potential attack vectors, but proper attention to those four issues reduces risk to a reasonable and appropriate level. The following steps are a good start in preventing information or system compromise.

Prior to starting ComSec LLC in 2007, Mr. LeaSure was active within the counterespionage, counterterrorism and TSCM fields for 26 years. He has attained the prestigious CCISM, Certified Counterespionage Information Security Management Certification. He also has extensive training, knowledge and experience in the identification of eavesdropping devices, espionage detection methods and the intelligence collection tactics most often employed by perpetrators of electronic espionage.

J.D. LeaSure is also the Director of the Espionage Research Institute International (ERII). As Director, he is tasked with ensuring the organization is successful in its mission to provide continuing education, facilitate professional relationship building and ensure the counterespionage & counterintelligence skill sets of its membership remain current as espionage tactics and devices evolve.